A.Vandenberg October 21, 2001 Internet2 Fall Member Meeting1 Georgia State University – Case Study...
-
Upload
erick-snow -
Category
Documents
-
view
212 -
download
0
Transcript of A.Vandenberg October 21, 2001 Internet2 Fall Member Meeting1 Georgia State University – Case Study...
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 1
Georgia State University – Case Study 1 Middleware:
Working with Policy Makers, Data Owners, and Campus Constituents
Art Vandenberg
Director, Advanced Campus Services
Information Systems & Technology
Georgia State University
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 2
Culture, business needs& project methodology
• CIO - top level sponsor of eUniversity• Analogous to eCommerce, higher ed needs:
– Directory services (not limited point solutions) for id, authN, authZ per application
– Seamless interfaces to applications: libraries, email, calendaring, eLearning, room/resource access, etc.
– Reduction of multiple electronic identities
• Specific commitment, assignment & charge for Advanced Campus Services - broad coordination
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 3
Specific direction& action plans
• Feb 2000, ACS charged with: – University-wide directory, metadirectory
– Universal account creation (namespace)
– Universal email solutions
– Interface to other electronic domains (one card, library…)
– Public-private key infrastructure
• NOTE: Georgia State’s ERP domain:– Peoplesoft financials, Student SCT begun, WebCT…
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 4
Stakeholders
• CIO and IT directors– Steering Group, scope doc, charter
• Data Stewards for Person Working Group:– registrar, hr, financials, card office, person registry
• LDAP Technical Working Group• Application domains
– WebCT, student email, Rec Center, one card office
• University System - discussion, promotion– CIOs, Vice Chancellor, Technical staff
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 5
Pitfalls/missed opportunities?
• Misjudging readiness– Competing ERP deployments– “Not ready for prime time” PKI
• Business needs not obvious– Hard to engage ERP teams focused on their core tasks– “But we can already do that!” (finding a killer app…)– “We’ll do that later, as soon as finished with priorities.”
• Lack of trust from data custodians?– Not really, but challenges with“technical” custodians
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 6
… opportunities?…
• Re: Bringing in key stakeholders– Deference to ERP teams (hindsight is 20/20… but)– However…aircraft carriers need room (time) to turn
• Changes the way we do business– Easier for new applications to embrace change?
• WebCT, student email, Rec Center
– Major event horizon (inevitable…)• First stop is person registry, then HR• Change process, not business
• University System - a necessary engagement
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 7
Legal risks with data
• Limit initial issues (but be aware)– If risky, leave data behind ERP wall (cf. bank accounts)
• Person registry actually inserts level of protection– Publishing/provisioning can have appropriate limits– Registry remains behind access controls
• White pages: “print” directory (Registrar/HR)• Core principles:
– Authoritative sources remain ERP systems– Data Stewardship & Access Policy governs all data
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 8
Silos and fortresses?
• What about aircraft carriers?– Major ERP implementations already underway– Production and operations culture vs. R&D– Technical debates can be: <invigorating/debilitating>
• Tactical versus strategic– Just do it (works well initially)– Iterative process, that keeps focusing on strategy– Remember, we’re part of a state system– Keeping one eye on national initiatives in middleware
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 9
Communication model
• Enterprise Directory Infrastructure Steering Group– CIO and IT directors
• Start biweekly, phase toward monthly end year 2• Level setting, resource identification, priorities
• University System– Burton Group directory/PKI seminars (1999-2000)– Directory Working Group (3 research, system office)
• Establish vocabulary, concepts, general consensus• Recommendation to ACIT (CIOs & V.Chancellor)• Directory of directories/system-wide id/ERP integration
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 10
Communication…
• Conferences– University System Rock Eagle, CUMREC
• Focus-IT newsletter, campus contacts• System Committee on policy for SSN• Internet2 Middleware working groups
– Support group, sanity check, best practices– Consider as “retreat & renewal” for more evangelism
• Technical staff (listen, be patient, leverage)• Work it until it’s part of the IT vocabulary
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 11
The sales pitch…
• Focus on application areas– Middleware may be too arcane, except for “initiates”
• “Printed Directory” as a metaphor• Provisioning - as it impacts colleges/depts:
– Automatic course rolls for WebCT– Universal email(and for admitted students)– New staff hires (get them online “day one”)
• Account management - as it impacts technical– User X has what accounts? Who is in application Y?
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 12
Hot buttonsInternal pressures
• Doesn’t everyone use same email? (No!)• President: Why can’t I send email to all faculty?• “I want to choose my own unique ID”• New hire online “day one”• Group email, paperless office, email check advice• Too many ids, too little management• Operational/production missions take priority• Resources: staff, time, money (in that order)
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 13
Worm holes…Strategic goals
• Goose & gander (student email policy… staff too)• Aha! (Metamerge & NMI-R1 for dynamic groups)• Just do it! (Forgiveness negotiable)• Involve faculty & students (competitive edge)
• Support teaching & learning mission• Integrate with ERP systems (Campus Pipeline…)• 3 years… but directory services on VC’s plan!
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 14
Carrots & sticks
• We’ll do this app for you if… vs• We can do this app better if…• Involve from beginning?
– Advantage sometimes, sometimes not– Good for us: research faculty & students– Find customer app that sells: WebCT, demographics
• The problem you want: middleware advisors!– You’ve really arrived!
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 15
Georgia State University – Case Study 2 Policy and Data Sore Points
Art Vandenberg
Director, Advanced Campus Services
Information Systems & Technology
Georgia State University
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 16
Technical implementationof institutional policy
• Data owners and control issues– Data Stewardship & Access Policy. Very helpful– Consensus: source systems retain authority– There is control and there is control. Do technical staff
“know” functional needs? (Careful)– Who drives project? (Remember: Organization is the
winner… Strive for consensus)– End users are data owners too!– Person registry has data steward
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 17
Implementing…policy
Policy Framework from the 1990s management– FERPA: Based on printed directory (annual, static),
not directory services (online, dynamic)– Was: Name, title, address, phone… Now: email, uid,
URL, pager, cell, mobile, jpeg…– Now: multiple roles overlaid with privacy issues– Now: lifetime CRM – pre- & post-relationship– Publication of employee info – We’re lucky (I think)
being public institution– Know your institutional policy process
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 18
Implementing… policy
Implementing triggers of institutional policy– ERP policy in person registry – be specific, be careful– “Current, active” student? 25,000 vs 61,000– If student elects FERPA suppress, what about directory
entry?– Definition of privileges: application by application– Do not ASSUME agreement on definitions (spell it out)– Technical staff defer to functional – nothing is simple– Be careful how you change business process (cf.
payroll doesn’t/can’t/shouldn’t initiate identity)
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 19
Implementing… policy
Role definitions: faculty, staff, affiliate…– “Hey cool! I’m faculty at the Library!”
– More student employees than faculty…
– Are student employees covered by FERPA?
– When does (can) an employee “start”?
– Concept of “provisional hire” (need date triggers)
– Hierarchy: “payments out” trumps “fees paid in”
– Retirees, survivors & “passed away”
– Vendors, affiliates – require sponsor, date limits
A.VandenbergOctober 21, 2001
Internet2 Fall Member Meeting 20
Suggestions
Communication is good, and builds buy-in– CIO, IT Directors, data stewards, technical staff, campus– System & peer institutions, Internet2 Middleware
– Aim high,but focus on application specifics
– Iterative development. Iterative review
– Don’t underestimate group & organizational dynamics
• Allow stewardship to work– Identity management is shared
– Think metadirectory services (value add, not replace)